Page 1 of 17
Document History Version Amendments Date Amended by 2.1 Corrected index numbering, revised Section 30-Jul-2014 Application Support 1.6 and references to 1.6; Corrected formatting 2.2 Added: 2.2 Document History, Footer and 01-Aug-2014 Application Support Intertek Logo 2.3 Changed document name 18-Aug-2014 Application Support 2.4 Updated section 1.6 regarding Windows XP 06-Jun-2016 Solutions Architect Page 2 of 17
Table of Contents 1 Customers 1.1 What is the purpose of the esignature implementation? 1.2 Which Certificate Authority (CA) does Intertek use? 1.3 How long is a certificate valid for after it has been generated? 1.4 Why does the document have a yellow exclamation? 1.5 What is the official softcopy of an Intertek report? 1.6 What Windows settings are required for validation? 1.7 What are the steps to validate an Intertek esignature? 1.8 What if the PDF report was modified after it was signed? 1.9 Can a PDF report s content be modified after it was signed (such as making comments)? 1.10 Can PDF content be copied after it was signed? 1.11 What steps should be taken if esignature validation fails? 1.12 What versions of Acrobat Reader are supported? 1.13 Is it necessary to install any software for esignature validation? 1.14 How much internet bandwidth is required for esignature validation? 2 Appendix 2.1 Failure cases Page 3 of 17
1 Customers 1.1 What is the purpose of the esignature implementation? esignature is used to ensure the integrity of an Intertek document. The esignature solution will prevent forged and modified PDF reports by logging any changes after the report was signed. The customer is able to validate the signature as well as confirm the time and date stamp and view the log of modifications made after the document was digitally signed. 1.2 Which Certificate Authority (CA) does Intertek use? Intertek uses the CoSign Certificate Authority by ARX (http://www.arx.com). Certificate Authority (CA) is an entity that issues digital certificates. The CA is the authority who certifies that the digital signature is in fact valid and was signed by the person who says they signed. This process is done by digital encryption. 1.3 How long is a certificate valid for after it has been generated? A certificate is valid for a 1 year period. All documents signed within that year will have the same expiry date for the digital certificate. The certificate is generated only when it is first signed. To confirm when a certificate expires: Click on the icon in the open PDF Expand the Rev. 1: Signed by line Expand Signature Details and select Certificate Details Certificate viewer will show the Valid from and Valid to dates (showing when the certificate was created and when it expires). Page 4 of 17
1.4 Why does the document have a yellow exclamation? If the error says Signature is valid, but revocation of the signer s identity could not be checked, first ensure the user has Internet connection. Then, follow the steps in 1.3 to check the certificate expiry date. Although this message is received, the signature attached to the document is still valid for the purpose of authentication and authorization. To avoid this warning, the following configuration can be done in Adobe. Click menu item: Edit > Preferences. Page 5 of 17
Select the item Security on the left side panel, and then click on the Advances Preferences button: Page 6 of 17
Uncheck the checkbox Require certificate revocation checking to succeed whenever possible during signature verification. Page 7 of 17
From here on the user will no longer get a warning. 1.5 What is the official softcopy of an Intertek report? The official softcopy of any company report is the Intertek-signed report in PDF format. Any other formats, such as Excel and Word are for reference only as per customers request. 1.6 What Windows settings are required for validation? Validation requires that the root certificates that are part of the operating system are up to date. Root certificate updates are part of the normal Windows patching process from Microsoft. Common information from Microsoft about current updates and operating system versions can be found here. Page 8 of 17
To update the root certificates: o For Windows XP Microsoft stopped providing updates for Windows XP in April of 2014, when Windows XP reached end-of-life. The update to apply legacy certificates to Windows XP was released in 2014, but is no longer provided by Microsoft. Windows XP systems should already have this update applied if updated since 2014. o For Windows Vista (and higher) Root certificates on Windows Vista and later versions are distributed through the automatic root update mechanism. More information on this process can be found on the main Root Certificates Update page 1.7 What are the steps to validate an Intertek esignature? Before validating Intertek s esignature, first ensure that Acrobat Reader s settings have been updated and that the latest patches have been applied for both the Window operating system and Acrobat Reader. For details, please refer to Section 1.6 of this document, What Windows settings are required for validation? When opening a signed PDF report for the first time, Acrobat Reader will display the message Signed and all signatures are valid on top of the document if the certificate is valid. To verify the certificate of Intertek s esignature, perform the following steps: Step 1 - Click the Signature Panel button at the top right of the PDF. Step 2 - Expand the Rev.1 menu. Step 3 - Expand the Signature Details menu. Step 4 - Click on Certificate Details, see the Summary tab. (Note: The navigation shown is based on Acrobat Reader 9.0; other versions of Acrobat Reader may be present in a different menu.) Certificate Details Please ensure that the PDF Report is validated and the certificate information similar to the information below. An Intertek representative may provide different specifics depending on specific location or the type of business. Page 9 of 17
Signed Office e.g. Consumer Goods - Hong Kong Signed Company Intertek Group plc Issued by CoSign Certificate Authority by ARX ARX (Algorithmic Research) The PDF report is not issued by Intertek if: Issued by is not CoSign Certificate Authority by ARX and company is not Intertek Group plc Step 1 Step 2 Step 3 Step 4 Page 10 of 17
esignature is not validated If the esignature of a PDF report is not validated, Acrobat Reader will display the message At least one signature has problem. One cause of this problem may be a lost internet connection. Once the Internet connection is restored, open the PDF report again, Acrobat will proceed with authenticating the esignature. If the PDF report is not validated, the information provided in either the certificate or the document may not be correct. 1.8 What if the PDF Report was modified after it was signed? If any content was modified after the report was digitally signed, the message Signed and all signatures are valid, but with unsigned changes after last signature will display and related modifications will be logged as below: Page 11 of 17
If pages were added/deleted after the PDF was signed, the message At least one signature is invalid. will display and pages added/deleted will be logged. 1.9 Can a PDF report s content be modified after it was signed (such as making comments)? Modifications should not be made to Intertek s PDF report content. Any content changes after signing, will be logged in the file and the display message Signed and all signatures are valid, but with unsigned changes after last signature will display. Page 12 of 17
For details, please refer to Section 1.8 of this document, What if the PDF report was modified after it was signed? If there is a need to perform markups on Intertek s report, creating a copy of the file is recommended for that purpose. 1.10 Can PDF content be copied after it was signed? Report content should not be copied. Intertek cannot guarantee the integrity of any content copied outside of the signed and validated Intertek PDF. 1.11 What steps should be taken if esignature validation fails? Double check the Windows settings. For details, please refer to Section 1.6 of this document, What Windows settings are required for validation? If validation continues to fail, contact your company s IT Department to verify that the proxy server settings are not blocking validation. 1.12 What versions of Acrobat Reader are supported? Acrobat Reader version 6.0.2 and above is supported. However, the latest version of Acrobat Reader is recommended. 1.13 Is it necessary to install any software for esignature validation? Only Acrobat Reader version 6.0.2 or above is needed. Acrobat Reader can be downloaded free of charge at www.adobe.com Once installed, configure Windows settings. For details, please refer to Section 1.6 of this document, What Windows settings are required for validation? 1.14 How much Internet bandwidth is required for esignature validation? There is no minimum bandwidth required. The validation process transfers minimal data. Page 13 of 17
2 Appendix 2.1 Failure cases Case Detail 1 Signed and validated - Signature identity is valid Screen 1 2 Changes made after signature was applied, nothing shown in signature panel Screen 2 3 Signed and validated failed - The signer's identity is unknown Screen 3 4 Incorrect Acrobat Reader configuration (Window integration page is not checked) Screen 4 5 Network or server unreachable Screen 5 6 Incorrect Acrobat Reader configuration (with verification function switched off) Screen 6 7 Unknown error Screen 7 Screen 1 Page 14 of 17
Screen 2 Screen 3 Page 15 of 17
Screen 4 Screen 5 Page 16 of 17
Screen 6 Screen 7 Page 17 of 17